On 2/2/19 7:25 PM, Richard Laager via devel wrote: > # Requiring a bounded set of audited TLS versions > # (the DOD STIG scenario, unverified as to actual requirement) > tlsmin 1.2 tlsmax 1.3 > OR > tlsversions "1.3"
This should be: tlsmin 1.2 tlsmax 1.3 OR tlsversions "1.2 1.3" > # Notably, forcetls is NOT acceptable here, as even if it is per > # association, which I think we are assuming, it breaks negotiation. > # Clients and servers would have to upgrade in lock-step, which is > # unreasonable to expect. -- Richard
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
